Apple iOS 4.3.4 jailbreak bugfix jailbroken already

Most iPhone and iPad users are perfectly happy with the software on the device as it is shipped by Apple.

A minority, however, prefer to open up their devices. By doing this, they can:

* Run applications and extensions not approved by Apple.

* Download software from alternative appstores, without tying those downloads to an Apple account.

* Access all the files and configuration data on their device directly, in order better to understand and secure it.

Liberating your device sounds like a great idea, but this behaviour has been stigmatised amongst corporate users.

Firstly, the action of removing artificial security restrictions is known as "jailbreaking," making it sound like a doubly-dangerous criminal act. (Since only crooks are supposed to be in jail in the first place, jailbreakers are not only criminals, but recidivists to boot.)

Secondly, jailbreaking opens up the less security-savvy user to additional risks. Some jailbreakers don't take on the additional responsibility which goes with the increased power over their device. That's how the now-infamous iPhone viruses Ikee and Duh were able to spread.

Thirdly, jailbreaking isn't supposed to be possible. So every jailbreak relies on you exploiting a software vulnerability to escape from Apple's artificial strictures. That means you have to trust the creators of the jailbreak not to abuse the exploit you're choosing to run against your device.

The flipside, of course, is that those who don't jailbreak their phones are trusting Apple not to leave the sort of exploitable hole that would permit crooks to break into the internals of their device.

And Apple hasn't been terribly trustworthy on that score. Despite a solid commercial reason for keeping its devices secure - namely, that an unjailbroken device can only shop at the Apple AppStore - few of Apple's operating system versions stay safe for very long.

Early in July, the JailbreakMe site published an automated, on-line method for opening recent iDevices running iOS 4.3.3.

(The jailbreakers also provided a patch by which you could close the remotely exploitable hole, for your own safety, after jailbreaking.)

Apple, to its credit, caught up within two weeks with an iOS update to version 4.3.4, closing the hole used by JailbreakMe.

But the jailbreakers claim to be back in already. By all reports, the latest jailbreak doesn't work for iPad2 users, and it can't be done simply by visiting a website.

You need to plug your device in to a computer, in what's called a "tethered" jailbreak, and you need to re-jailbreak it every time you reboot.

With this in mind, the tricky question becomes, "Whom should I trust more: Apple or the jailbreakers?"

I can't answer that question - and if your iDevice is provided by your company, you shouldn't try to answer it by yourself.

Perhaps the best way to approach the issue is to rephrase it more equivocally, in the manner of Google, which sets out not to be evil, rather than actually to be good.

So, if you're thinking of jailbreaking, ask yourself, "Do I distrust the jailbreakers?" If not, then jailbreaking may be for you. Just be sure to read all the security guidelines associated with the process, and be sure you have the explicit permission of the owner of the device.

Actually, we're both unclear in how we explained what we meant. I meant "you can't just visit a website over the air and jailbreak your device" (whether permanently or temporarily). You have to plug the iOS device _into a computer you have control over_.

That you subsequently need to re-jailbreak your device by tethering it every time you reboot it is interesting, and probably important, but it was the "plugging it in to another device" which I meant to emphasise. I have updated the article to clarify this.

I trust Apple. Not that I distrust jailbreakers but I have no need to jailbreak my iPhone. I'm not a computer guru so I wouldn't even attempt jailbreaking. Those who know what they are doing and want to do it, all the power to them. I'm happy with my iPhone as it is. I appreciate those who spot vulnerabilities and point them out and hopefully Apple will keep on top of it.

Nice article, the author has good literature skills!
Although he should do his homework before writing such a post; it is evident that he has no idea what tethered or untethered is, and the explanation provided is rather confusing and wrong than explanatory. Based on this I even question if he is aware of what jailbreak is and the risks associated with it...

Not a jailbreak supporter, although if I needed any information I would definitely search on the web for something more clear and less self-opinionated!

Ahem. The article doesn't tell you how to jailbreak. It touches on the issues for and against the concept. If you want help with the actual jailbreak, the article has a couple of good links on where to start looking.

As for the risks of jailbreaking, you may have missed this part: "[J]ailbreaking opens up the less security-savvy user to additional risks. Some jailbreakers don't take on the additional responsibility which goes with the increased power over their device. That's how the now-infamous iPhone viruses Ikee and Duh were able to spread."

If you read the linked-to articles on those two viruses, you'll get some practical insight into the sort of security holes which careless jailbreaking leaves behind. (Apple's use of a global, short, well-known password for the iPhone root account doesn't help.)

This sounds like the 'soft root' (Universal Androot, for those who know it, though that's just one of the methods/tools) we Androiders can use to gain temporary root without violating the OEM's warranty. However, the difference is that iDevices need to be plugged in, and you can't just use an App for temp jailbreaking.

I'm sure there is a way to do a softroot/soft-jailbreak on iDevices without tethering, it just needs to be found :)

I would not say that the bugfix was circumvented. The exploit used was a previous exploit, already known since iOS 4.3 was released: a bootrom-based exploit that has nothing whatsoever to do with the JailbreakMe exploit, which used a PDF file to do the jailbreaking. It cannot be fixed without updating the hardware, which is what Apple did with the iPad 2, which is why it cannot be jailbroken. All other devices can still be jailbroken.

Errr...I'm pretty sure that JailbreakMe 3.0 lets you liberate an iPad 2 running iOS 4.3.3 "over the air". So the iPad 2 is not only jailbreakable, it's jailbreakable without connecting the device to anything except the internet - as long as you haven't updated to iOS 4.3.4 yet.

I think what happybird is trying to say is that iDevices previous to the iPad2 can STILL be jailbroken even while on 4.3.4 because of a bootrom exploit discovered way back in version 4.3. This exploit is hardware-based and cannot ever be fixed by any amount of software updates.

However, Apple fixed this hole in the bootrom in the iPad 2, and that is why that device can no longer be jailbroken on the latest firmware version. Happybird is talking in current terms, with the latest firmware.

That is why this latest version is not really "jailbroken already", as you term it: those devices will always be able to be jailbroken, even if Apple releases 4.3.5 for some reason, or when iOS5 is released. Until a bootrom exploit is discovered in the iPad2 (and the iPhone 5, when it is released, for that matter), the current tools will not be able to jailbreak those devices.

The big news that everyone is ignoring here, though, is that in 4.3.4 Apple has silently patched the method by which an untethered jailbreak has been achieved since 4.1, meaning that not only is an untethered 4.3.4 unlikely, it's probably not even going to warrant extensive research with iOS5 due out so soon.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009.
Follow him on Twitter: @duckblog